Legal
Privacy Policy
AmbassadorFlow (“AmbassadorFlow”, “we”, “us”, “our”) is the name under which GrowSocial LTD provides referral, ambassador, affiliate, and influencer marketing software. GrowSocial LTD is registered in Malta (C 79065). This Privacy Policy explains how we collect, use, share, and protect personal data when you:
- Visit our sales website ambassadorflow.com (“Visitor”);
- Create or use a merchant account on go.ambassadorflow.com or app.ambassadorflow.com, or install our Shopify app or WooCommerce plugin (“Client”);
- Are a customer, ambassador, affiliate, creator, or visitor whose data a Client processes through our Platform (“End Customer” — see §14); or
- Appear in our Influencer Discovery module (where that module is enabled — see §12).
We process personal data on one or more of the following legal bases: Contract (to provide the Platform you sign up for); Legitimate interest (to secure our services, prevent fraud, and conduct proportionate B2B marketing); Legal obligation (tax, accounting, regulatory duties); and Consent (non-essential cookies and certain marketing messages). We do not sell or rent personal data to third parties for their independent marketing.
Related documents: Terms and Conditions, Data Processing Agreement (when we process End Customer Data on a Client’s behalf), Sub-processor list.
1. Definitions
Key terms used in this Policy:
- Personal Data — information relating to an identified or identifiable natural person.
- Processing — any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).
- Controller — the entity that determines the purposes and means of processing.
- Processor — an entity that processes Personal Data on behalf of a Controller.
- Sub-processor — a third party engaged by us to deliver part of the service.
- Platform — the AmbassadorFlow application at go.ambassadorflow.com and app.ambassadorflow.com, Shopify embedded app, WooCommerce plugin, APIs, and Ambassador Center pages we host for Clients.
- Client — a merchant or business that creates an account or installs our app/plugin.
- End Customer — a natural person whose data a Client processes through the Platform (for example a referral ambassador or referred buyer).
- Ambassador Center — branded web pages we host for a Client where End Customers join programmes or view offers.
- EEA — European Economic Area.
2. Changes to this Policy
We may update this Policy from time to time by posting a revised version on this page with an updated “Last updated” date. Continued use of the Platform after an update constitutes acceptance of the revised Policy where permitted by applicable law and your contract with us. If you disagree with an update, stop using the Platform and cancel your subscription.
3. Your data-subject rights
Where GDPR or similar laws apply, you may have the right to:
- Access — obtain a copy of Personal Data we hold about you.
- Rectify — correct inaccurate or incomplete data.
- Erase — request deletion where we have no lawful reason to keep data.
- Restrict or object to processing in certain cases.
- Portability — receive your data in a machine-readable format where applicable.
- Withdraw consent where processing relies on consent.
- Lodge a complaint with the Maltese IDPC or your local supervisory authority.
End Customers who participated in a Client’s programme should contact the Client (merchant) first, as the Client is usually the Controller. We assist Clients as Processor where required by our DPA and mandatory platform webhooks.
Send requests to support@ambassadorflow.com. We respond within one month unless an extension is permitted by law.
4. Contact
Privacy and data protection enquiries:
support@ambassadorflow.com
GrowSocial LTD, Level 5, Carolina Court, Giuseppe Cali Street, Ta’Xbiex XBX 1425, Malta
5. Where we store data and international transfers
Primary application databases are hosted by Hetzner in the European Union (EEA). Some providers process data outside the EEA. Where required, we rely on appropriate safeguards such as EU Standard Contractual Clauses (SCCs).
5.1 Sub-processors (summary)
The current list is published at ambassadorflow.com/sub-processor-list.
| Sub-processor | Purpose | Typical data | Region | Privacy policy |
|---|---|---|---|---|
| Hetzner Online GmbH | Cloud hosting (servers, databases, storage) | All Platform data at rest | EU (primary); US where used for specific stacks | Privacy policy |
| Twilio SendGrid | Transactional email | Recipient email, message content | US — SCCs | Privacy policy |
| Stripe Payments Europe Ltd | Platform subscription billing (non-Shopify Clients) | Billing contact, payment metadata, card last 4 digits | Ireland / US — SCCs | Privacy policy |
| MillionVerifier | Optional email validation on referral join pages | Email address submitted at signup | EU / US | Privacy policy |
| Shopify Inc. | Shopify store integration (APIs, webhooks, metafields, checkout extensions) | Order/customer fields permitted by merchant; GDPR webhook payloads | Global (merchant store region) | Privacy policy |
Shopify Billing: Clients who subscribe via the Shopify App Store are billed by Shopify on our behalf. We do not receive full payment card numbers for those subscriptions; Shopify acts under its own terms as the merchant’s platform and billing provider.
Third-party websites or embeds (for example Shopify admin, YouTube, or chat widgets on our sales site) are governed by their own privacy notices.
6. How we protect your data
- Encryption in transit (TLS) and encryption at rest where supported by infrastructure.
- Role-based access control and multi-factor authentication for privileged staff access.
- Firewalls, network isolation, and monitoring.
- Application and server logs with 30-day retention (rotated automatically).
- Regular patching, vulnerability management, and off-site backups.
- Documented incident-response procedures; breach notifications without undue delay where required.
6.1 Processing purposes (overview)
| Purpose | Categories of data | Legal basis |
|---|---|---|
| Provide & maintain the Platform | Account, usage, integration tokens | Contract |
| Billing & tax (non-Shopify) | Invoices, VAT/TIN, Stripe payment metadata | Legal obligation / Contract |
| Security & fraud prevention | IP logs, device info, activity logs | Legitimate interest |
| Product analytics & improvement | Pseudonymised usage events | Legitimate interest |
| B2B marketing | Name, business email, preferences | Consent / Legitimate interest (B2B) |
| End Customer programmes (on Client instructions) | See §14 | Client’s legal basis; we act as Processor |
7. Cookies and similar technologies
Cookies are small files stored on your device. We use different cookies on different properties. Non-essential cookies (analytics, marketing) are used only after you give consent where required by law.
7.1 ambassadorflow.com (sales website)
Applies when you browse our marketing site at ambassadorflow.com.
Essential cookies (always active) support site operation, security, and storing your cookie consent choice. Non-essential cookies listed below are loaded only after you opt in via our cookie banner, where required by law.
Google Search Console is a tool we use as site operators to monitor search visibility. It does not place marketing or analytics cookies on your browser when you visit ambassadorflow.com.
| Service | Type | Purpose | Typical retention |
|---|---|---|---|
| Cookie consent storage | Essential | Remember accept / reject choice for optional cookies | Up to 12 months |
| Google Tag Manager | Analytics / marketing (consent) | Load and manage other tags (for example Google Analytics) after consent | Per Google policy |
| Google Analytics | Analytics (consent) | Aggregate traffic, pages viewed, and site performance | Up to 26 months (Google default settings) |
| PostHog | Analytics (consent) | Product and marketing-site usage analytics, funnels, and session replay (if enabled) | Per PostHog project settings |
| Meta (Facebook) Pixel | Marketing (consent) | Ad measurement, attribution, and remarketing audiences | Per Meta policy (typically up to 90 days for event data) |
| Crisp (crisp.chat) | Functional / analytics (consent) | Live chat, support conversations, and chat-widget analytics | Per Crisp policy |
These providers may process IP address, device/browser information, pages viewed, and interactions on ambassadorflow.com. Some operate in the United States or other countries outside the EEA; where required, appropriate safeguards (such as SCCs) apply. See each provider’s privacy policy for details.
You can change your consent choice at any time via the cookie banner on ambassadorflow.com. Rejecting optional cookies does not block access to the site.
7.2 go.ambassadorflow.com and app.ambassadorflow.com (merchant Platform)
Applies when you log in to the AmbassadorFlow merchant dashboard (standalone tab or embedded in Shopify admin).
We do not use third-party marketing, analytics, or advertising cookies on the merchant Platform. No Google Analytics, PostHog, Meta Pixel, or similar trackers are loaded in the dashboard. Usage and security events may be logged on our servers (first-party, backend logging) for operation, support, and fraud prevention — that is separate from browser marketing cookies.
Only first-party, essential cookies (and closely related functional storage) are set, for example:
| Cookie / storage | Type | Purpose | Typical retention |
|---|---|---|---|
laravel_session (or equivalent session cookie) | Essential | Authenticated merchant session | Session (configurable, typically up to 2 hours idle / browser close) |
XSRF-TOKEN | Essential | Cross-site request forgery protection | Session |
| Remember-me / auth token (if used) | Essential | Persistent login for standalone tabs | Per account settings |
| Shopify App Bridge session (embedded admin) | Essential | Secure embedded app authentication inside Shopify admin | Managed by Shopify session |
| Functional preferences (if any) | Essential / functional | UI state, locale, onboarding progress | Session to 12 months |
Embedded Shopify admin sessions rely on Shopify’s own cookies and App Bridge security; those are governed by Shopify’s policies, not our marketing-site cookie banner.
7.3 Ambassador Center and merchant storefront (End Customer cookies)
When End Customers visit a merchant-branded Ambassador Center (for example {brand}.ambassadorflow.com) or a Client’s Shopify/WooCommerce storefront with our tracking enabled, different cookies apply. Those cookies support referral attribution, session state, fraud prevention, and page analytics.
The Client (merchant) is the Controller for those End Customers. Detailed cookie descriptions, retention windows, and programme-specific notices are provided in the Ambassador Center privacy policy for that merchant (editable by the Client, with a fixed AmbassadorFlow processor section appended). We operate those pages as Processor on the Client’s instructions.
Examples of cookies the Client’s privacy notice may describe (not exhaustive):
- Ambassador Center session and view-tracking cookies (for example
af_sess_{storeId}) — typically ~1 hour. - Storefront referral attribution cookies (for example
ambassadorflow_referral) — TTL set by the merchant, often up to 60 days. - Security / self-referral guard cookies configured by the merchant.
End Customers should read the privacy policy linked from the cookie banner on the Ambassador Center they visit.
8. Visitors (ambassadorflow.com)
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) to operate, secure, and improve our websites.
8.1 Data we collect automatically
- IP address and rough geolocation
- Browser, device, and operating system
- Referrer, pages viewed, clicks, and timestamps
- Cookie consent choices (see §7.1)
8.2 Purpose
- Site operation and performance measurement
- Fraud and abuse prevention
- Regional content and language display
8.3 Retention
Server and security logs on our infrastructure: 30 days. Where you consent to marketing-site analytics (Google Analytics, PostHog, etc.), those providers retain pseudonymised data according to their own settings (for example up to 26 months for Google Analytics).
9. Clients (merchant Platform users)
Legal bases: Contract, legal obligation, legitimate interest, and consent (optional marketing).
9.1 Data we collect
- Name, company name, and VAT number (where applicable)
- Business email and phone
- Billing address and subscription plan
- Hashed password or SSO / OAuth identifiers (Shopify install)
- Shop domain, Shopify access tokens, or WooCommerce plugin subscription token
- IP addresses and login timestamps
- Support tickets, chats, and call recordings (if used)
- In-app usage metrics
9.2 Billing data
- Shopify App Store: subscription charges appear on your Shopify invoice. We receive billing status from Shopify, not your full card number.
- WooCommerce and other direct subscriptions: payment processing via Stripe. Card numbers are sent directly to Stripe; we retain only a non-reversible token and limited metadata (for example last four digits and expiry).
9.3 Why we collect it
- Authenticate and authorise Platform access
- Process payments and issue invoices (financial records kept up to 6 years where required)
- Provide support and product updates
- Secure the service and analyse usage
- Send marketing where legally permitted
9.4 Retention
We keep account data while your subscription is active. After account deletion or 24 months of inactivity, we delete or anonymise Client account data within 30 days, except statutory financial records.
10. Data processed on behalf of Clients (Processor role)
For End Customer Data that a Client creates, stores, or otherwise processes through the Platform:
- The Client is the Controller.
- AmbassadorFlow is the Processor under our Terms and Data Processing Agreement.
We act only on the Client’s instructions — through Platform configuration, use of the service, and reasonable written requests — and solely to deliver agreed services. The Client must have a lawful basis and provide appropriate privacy notices to End Customers.
11. B2B prospects
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) for proportionate B2B outreach.
We may process business contact details from public sources (websites, LinkedIn), demos, and inbound enquiries to send one-to-one outreach and arrange demos. Every marketing email includes an unsubscribe link. Prospect data is refreshed or deleted at least every 12 months. Object at support@ambassadorflow.com.
12. Influencer Discovery module
Where the Influencer Discovery & Campaigns module is available, we may maintain or display profiles derived from publicly available social-media information to help Clients find creators for collaborations.
Controller role & legal basis: For this module we may act as an independent Controller (or joint controller with the Client for campaign-specific data, depending on feature). Processing rests on legitimate interest (GDPR Art. 6(1)(f)) for professional B2B discovery from public sources.
12.1 Data we may collect and derive
- Username / handle and display name
- Profile avatar and public biography
- Public contact email if shown on the platform
- Follower counts and public engagement metrics (may use automated/AI-assisted analysis)
- Recent public post captions, hashtags, and media previews
12.2 Safeguards and opt-out
- Public-source only; we do not collect private messages or non-public metrics.
- Profiles may be limited to accounts above a follower threshold.
- Influencers may request removal or correction at support@ambassadorflow.com (subject line: “Remove my profile”). We aim to action within 24 business hours.
- Data accuracy is not guaranteed; see our Terms for AI/data disclaimers.
13. AmbassadorFlow partner programme
This section applies to individuals or companies who join AmbassadorFlow’s own partner or affiliate programme (referring new Clients to us) — not to a merchant’s in-store affiliate module.
Legal basis: Contract and consent where you apply to the programme.
We may collect name, company, tax ID, contact details, payout information, and referral performance data. Contact support@ambassadorflow.com to exercise your rights or request deletion.
14. Customer Referral Flow (End Customer Data)
Legal basis: Determined by the Client (typically consent or legitimate interest when a customer joins a referral programme).
14.1 Roles
- The ecommerce store (Client) is the Controller.
- AmbassadorFlow is the Processor providing referral infrastructure.
14.2 Data we process on the Client’s behalf
- Ambassadors / referrers: name, email, postal address (if collected), platform customer ID, referral codes, reward history, signup IP and cookie tokens for fraud prevention.
- Referred buyers / visitors: order numbers and attribution fields, billing city/country (not full street address stored long-term), browser session hashes, IP address on journey events, email/name when supplied at checkout or join flows.
- Communications: transactional emails (reward codes, notifications) via SendGrid or Client-configured SMTP.
- Optional validation: email address sent to MillionVerifier when the Client enables signup verification.
14.3 Sources
- Ambassador Center join and offer pages
- Shopify: OAuth, Admin API, order and checkout webhooks, checkout UI extension, theme embed, shop metafields
- WooCommerce: AmbassadorFlow plugin REST API (
X-Ambassadorflow-Token) - Client admin actions (imports, block lists, manual ambassador creation)
14.4 Purposes
- Track referrals and attribute purchases
- Issue and deliver rewards (discount codes, store credit, etc.)
- Prevent fraud, self-referrals, and abuse (automated and merchant-configured rules)
- Provide reporting to the Client
- Comply with GDPR requests via mandatory Shopify webhooks:
customers/data_request(export to merchant),customers/redact(anonymise matching records),shop/redact(schedule full store purge after uninstall)
14.5 Shopify-specific processing
- We may write short-lived shop metafields (for example pre-rendered thank-you offers keyed by a hashed email identifier) with maximum retention of 24 hours per entry.
- Checkout extensions may read buyer email/name at thank-you to personalise offers.
14.6 Retention
End Customer Data is retained while the Client uses the Platform and the data supports the programme. On customers/redact, we anonymise matching personal fields in place. On store purge (shop/redact schedule), we delete store-scoped data. Certain merchant-configured fraud block-list entries may be retained until the Client removes them (disclosed in the Client’s programme terms).
15. WooCommerce integration (summary)
When a Client connects WooCommerce, our plugin exchanges configuration, coupon, variation, and order data using an authenticated subscription token. The same Processor role and End Customer categories in §14 apply. The Client must install and maintain the plugin and keep the subscription token confidential.
16. Children
Our services are not directed to children under 16 and we do not knowingly collect Personal Data from them. Contact support@ambassadorflow.com if you believe a child has provided data and we will delete it promptly.
17. California Consumer Privacy Act (CCPA)
California residents may request disclosure, deletion, or information about categories of Personal Data collected (subject to exemptions). We do not sell personal information. Contact support@ambassadorflow.com. We respond within 30 days where CCPA applies.